When it comes to Cyber Security, leaving things up to fate or simply not knowing isn’t good enough. Leaving the safety of your business and its data up to chance is leaving it open to attack. When your clients ask how you let your data land in the hands of criminals, ‘I don’t know’ won’t be an acceptable answer.
As the CEO or Managing Director, you are the one who will be held accountable. Assess your readiness to deal with any potential cyber-attacks with the help of the three questions below.
Q1. Do you have an incident response plan?
YES – Great. Having an incident response plan is one of the most fundamental and vital components of your cyber security. This, paired with your cyber security expert to carry out your plan, means that you are a step closer to being prepared for any potential attacks.
NO – If you don’t have an incident response plan, you should immediately make it a priority to source one. Without a plan in place, your staff will have no idea how to respond. Not only could this increase potential downtime (meaning you will lose money), it could even result in staff unintentionally making the situation worse.
Q2. Do you know your legal obligations for reporting a data loss?
YES – Knowing the legal procedures for reporting losses of personal data is key to complying with GDPR. In the case of an attack, knowing what to do might just mean you have one less thing – such as a fine that could be the end of the business – to worry about.
NO – A personal data breach must be reported to the ICO (Information Commissioner’s Office) within 72 hours of identifying the breach. Individuals whose data has been breached must also be informed. It is also essential to keep a record of data breaches. Failing to notify a breach when required to do so can result in a fine of up to 10 million euros or 2 percent of your global turnover. For more information, visit the Information Commissioner’s website.
Q3. Are you complying with the UK Government standards of Cyber Security?
YES – This is a great first step, which means your business is meeting minimum cyber hygiene standards, but there is plenty more to come. Cyber Essentials is, as it says, essential, and the first of many layers of security businesses need.
NO – By not complying with Cyber Essentials standards, you have no measure of whether or not you have adequate protection in place. Cyber Essentials is the government-endorsed standard for businesses, so if you want to comply with the minimum government standard, it is essential. With more and more businesses in the UK completing this certification, by not doing so you are, by default, painting a target on yourself.
m3 Networks offer a range of packaged cyber security services suited to your business. We know that each business has its own requirements and needs its security to be a perfect fit.